

Section: New Results

Online Risk Management

Participants: Rémi Badonnel [contact], Oussema Dabbebi, Olivier Festor.

Telephony over IP has been deployed on a large scale, supported by the standardization of dedicated signaling protocols. This service is however exposed to multiple attacks because it is less confined than traditional PSTN networks. While a large variety of methods and techniques have been proposed for protecting VoIP networks, activating them may seriously degrade the quality of such a critical service. Risk management provides new opportunities for addressing this challenge. In particular, our work aims at performing online risk management for VoIP networks and services. The purpose is to adapt the service exposure to the threat potentiality, while maintaining a low security overhead. Based on the classification of VoIP attacks and the analysis of their properties, we have refined in [11] an extended risk model for IP telephony infrastructures. This model covers a large spectrum of security attacks. It supports our online risk management strategy, which is capable of dynamically activating or deactivating security safeguards in the VoIP infrastructure. The mitigation is based on controlling the service exposure using these safeguards. We have compared our solution to other traditional strategies, and have quantified the benefits and limits according to multiple performance criteria. We have also analyzed the impact of the risk model parameters on our mitigation, and showed in [12] to what extent the parameterization can be partially automated.

An important part of our efforts in 2011 has focused on extending our online risk management strategy to more distributed configurations [32]. While our initial work was centered on Asterisk-based enterprise networks, we have taken a particular interest in P2PSIP networks. They constitute an open decentralized solution where the registration and location servers are implemented by a distributed hash table responsible for storing the bindings between the address-of-record SIP-URI and the contact SIP-URI. We have identified different attack sources and attack scenarios in these P2PSIP networks, considering the functional roles that are played by the SIP peers. The security threats are either specific to the P2PSIP protocol or inherited from the SIP layer and the peer-to-peer area. In that context, we have analyzed the instantiation of our online risk modeling by taking into account the properties and components of the P2PSIP architecture, and have established a portfolio of dedicated countermeasures, including replication-based and certification-based techniques. We have evaluated the performance and scalability of the strategy through an extensive set of experiments performed with the OMNeT++ simulator. We have also quantified the complementarity of our solution with the RELOAD security framework, which relies on a central certificate enrolment server.
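
The following is an added illustration, not the authors' code or their risk model: a toy distributed hash table that stores address-of-record to contact bindings, with one possible replication-based check on lookup. The replication factor, the majority-vote rule, the SHA-1 ring placement, the class and function names and all sample URIs are assumptions made for the example.

```python
import hashlib
from collections import Counter

REPLICAS = 3  # assumed replication factor, not a value from the report

def ring_id(value):
    """Position of a peer name or address-of-record on the DHT ring."""
    return int.from_bytes(hashlib.sha1(value.encode()).digest(), "big")

class Peer:
    def __init__(self, name):
        self.name, self.node_id = name, ring_id(name)
        self.store, self.misbehaving = {}, False

    def get(self, aor):
        # A misbehaving storing peer answers with a wrong binding (constructed).
        return "sip:wrong@example.invalid" if self.misbehaving else self.store.get(aor)

class Overlay:
    def __init__(self, names):
        self.peers = sorted((Peer(n) for n in names), key=lambda p: p.node_id)

    def responsible(self, aor, count=REPLICAS):
        """First `count` peers clockwise from the key of the address-of-record."""
        key = ring_id(aor)
        start = next((i for i, p in enumerate(self.peers) if p.node_id >= key), 0)
        return [self.peers[(start + i) % len(self.peers)] for i in range(count)]

    def register(self, aor, contact):
        for peer in self.responsible(aor):
            peer.store[aor] = contact

    def lookup_single(self, aor):
        return self.responsible(aor, 1)[0].get(aor)

    def lookup_replicated(self, aor):
        """Return (contact, disagreement); fail closed without a strict majority."""
        votes = Counter(p.get(aor) for p in self.responsible(aor))
        contact, count = votes.most_common(1)[0]
        if contact is None or count <= REPLICAS // 2:
            raise LookupError("no majority binding for " + aor)
        return contact, count < REPLICAS

def demo():
    overlay = Overlay(["peer%d" % i for i in range(8)])  # constructed peer names
    aor, contact = "sip:alice@example.org", "sip:alice@192.0.2.10:5060"
    overlay.register(aor, contact)
    overlay.responsible(aor, 1)[0].misbehaving = True  # primary replica goes bad
    return overlay.lookup_single(aor), overlay.lookup_replicated(aor)
```

The disagreement flag is the kind of signal an online strategy could feed back into its threat estimate; the vote itself only holds while fewer than half of the replicas for a key misbehave.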